Scanning of compound files by File Anti-Virus
January 10, 2024
A common technique of concealing viruses and other malware is to implant them in compound files, such as archives or databases. To detect viruses and other malware that are hidden in this way, the compound file has to be unpacked, which may slow down scanning. You can limit the set of compound files to be scanned, thus speeding up scanning.
To configure scanning of compound files:
- Open Kaspersky Security Center Administration Console.
- In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
- In the workspace, select the Policies tab.
- Select the Light Agent for Linux policy in the list of policies and open the Properties: <Policy name> window by double-clicking.
- In the policy properties window, select the File Anti-Virus section in the list on the left.
- In the right part of the window, in the Security level section, click the Settings button.
- In the File Anti-Virus window that opens, on the Performance tab, in the Scan compound files section, specify the types of compound files that you want to scan by selecting the corresponding check boxes: packed files, archives, self-extracting archives, mail databases, or mail files.
- Click the Additional button.
- In the Compound files window that opens, in the Time limit section, do one of the following:
- If you want File Anti-Virus to skip files when the specified time runs out, select the Skip files if scanning takes more than and specify the value you need in the Maximum scan time field.
- If you do not want File Anti-Virus to skip files when the specified time runs out, clear the Skip files that are scanned for longer than check box.
- In the Size limit section, do one of the following:
- If you want File Anti-Virus to unpack large-sized compound files, clear the Do not unpack large compound files check box.
- If you do not want File Anti-Virus to unpack large-sized compound files, select the Do not unpack large compound files check box and specify the required value in the Maximum file size field.
A file is considered large if its size exceeds the value in the Maximum file size field.
File Anti-Virus scans large-sized files that are extracted from archives, regardless of whether or not the Do not unpack large compound files check box is set.
- In the Compound files window, click OK.
- Click OK in the File Anti-Virus window.
- Click the Apply button.